Naver
Products
7- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8148 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2026 | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | |
| CVE-2016-5060 | Med | 0.40 | 6.1 | 0.01 | Dec 13, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | |
| CVE-2026-1513 | 0.00 | — | 0.00 | Jan 28, 2026 | billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding. | ||
| CVE-2025-14023 | 0.00 | — | 0.00 | Dec 15, 2025 | LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions. | ||
| CVE-2025-49223 | 0.00 | — | 0.01 | Jun 4, 2025 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||
| CVE-2014-6980 | 0.00 | — | 0.00 | Oct 16, 2014 | The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2012-5183 | 0.00 | — | 0.00 | Dec 26, 2012 | The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | ||
| CVE-2012-5182 | 0.00 | — | 0.00 | Dec 26, 2012 | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | ||
| CVE-2012-4005 | 0.00 | — | 0.00 | Aug 7, 2012 | The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. |
- risk 0.51cvss 7.8epss 0.00
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
- CVE-2026-1513Jan 28, 2026risk 0.00cvss —epss 0.00
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
- CVE-2025-14023Dec 15, 2025risk 0.00cvss —epss 0.00
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.
- CVE-2025-49223Jun 4, 2025risk 0.00cvss —epss 0.01
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- CVE-2014-6980Oct 16, 2014risk 0.00cvss —epss 0.00
The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2012-5183Dec 26, 2012risk 0.00cvss —epss 0.00
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
- CVE-2012-5182Dec 26, 2012risk 0.00cvss —epss 0.00
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.
- CVE-2012-4005Aug 7, 2012risk 0.00cvss —epss 0.00
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.